So, I will be a panelist in the following workshop.
2012 NSTIC/IDtrust Workshop: “Technologies and Standards Enabling the Identity Ecosystem”
March 13-14, 2012
NIST – Administration Building – Green Auditorium – Gaithersburg, MD
||Welcome – NSTIC GoalsJeremy Grant, NIST
||Level – Setting: “An Introduction to the 3rd Epoch of IDtrust”Ian Glazer, Gartner
||Keynote-Mapping the Global IDentity EcosystemSpeakers: Karen O’Donoghue, ISOC and Lucy Lynch, ISOC
||Panel: Gaps and Challenges for Advancing the Global Identity EcosystemModerator: Lucy Lynch, ISOC Panelists:
· Tom Smedinghoff, Edwards Wildman Palmer LLP
· John Bradley, OpenID Foundation
· Ken Klingenstein, Internet2
· Leif Johansson, NORDUnet
· Nat Sakimura, NRI / OpenID Foundation
- Gap between US and EU – EU’s Data Protection Regulation requires “Explicit Consent” while US’s Consumer Privacy Bill of Rights allows “Respect for Context (Implicit Consent, necessity) ” judged from the context.
- What constitutes “meaningful consent”?
- “Data Protection” v.s. “Privacy Protection”
- Level of Protection, Level of Control.
- “Rights to be forgotten” v.s. “Rights to change one’s mind”.
- Is deletion of data (rights to be forgotten) realistic (esp. for the ones that were passed to third parties)?
- Provider Linkability and Consumer Linkability 
- Cross boarder transfer of the data
- Why do we expect that it works this time? : Business model around authentication and attribute transfer.
 Different service providers colluding and linking personal data to create unwanted “identity” is a violation of privacy. On the other hand, linking the data location for the user so that he can effectively control the data improves the privacy control.